Move to browserify organisation

[dcousens]

Thanks @calvinmetcalf for helping start this process.
We probably have three parts to do:

• Move the repositories
• Update the repositories package.json information
• Update the npm access to the browserify organisation (or relevant teams)

I am happy to move each of the packages from this organization to https://github.com/browserify and update their meta information in time. @ljharb could you move the package npm ownership/access to the relevant npm organisation/teams? 💛

The list of packages in https://github.com/crypto-browserify/ownership/blob/master/crypto-packages.json doesn't cover every package in this organisation. I'll move them across nonetheless and we can then add an issue to each repository to determine it's fate.

For example buffer-reverse, while useful, should be deprecated (Buffer has reverse now), but I'll still move it for now so we can do that in the right place.

[ljharb]

Yes, as soon as npm owner add ljharb has been run on each one, i'll get it set up in the browserify npm org properly.

(buffer-reverse should probably still be kept for browsers, and for older versions of node that lack it)

[dcousens]

Step 1 complete 💛

[dcousens]

@calvinmetcalf could you run this?
Some packages may fail, but that's OK, we'll double back when that happens

#!/bin/bash

while read -r package; do
	npm owner add ljharb "$package"
done << LIST
browserify-aes
browserify-des
browserify-rsa
browserify-scrypt
browserify-sign
cipher-base
create-ecdh
create-hash
create-hmac
crypto-browserify
diffie-hellman
evp_bytestokey
hash-base
md5.js
parse-asn1
pbkdf2
pseudorandombytes
public-encrypt
randombytes
randomfill
ripemd160
sha.js
timing-safe-equal
LIST

I have added @ljharb for these, as I still had ownership

buffer-reverse
buffer-xor

[dcousens]

@calvinmetcalf you might end up needing to add a --otp flag, as in npm owner add ljharb "$package" --otp "123456" as npm owner errors in a non-interactive shell (or run each command manually)

[dcousens]

Maybe there is merit to merging some of these packages, and the other node-like polyfills, into a monorepo (many packages, 1 repository) for easier maintenance too?
Could place the npm release process under a GitHub action too for increased auditing.

[ljharb]

I'm much more skeptical about that personally - monorepos in my experience make things much harder to maintain in the long run. Let's get everything transferred, and update what needs updating, before regrouping on larger questions like that.

[dcousens]

Sounds good.
I can understand that, except many of these packages are strictly dependent on each other and often need bumping and releasing in unison. As you say though, happy to regroup on that in time.

[calvinmetcalf]

OK I'll try to run that tomorow or Monday at the latest

…

On Fri, Apr 7, 2023, 7:56 PM Daniel Cousens ***@***.***> wrote: Sounds good. I can understand that, except many of these packages are strictly dependent on each other and often need bumping and releasing in unison. As you say though, happy to regroup on that in time. — Reply to this email directly, view it on GitHub <#3 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAITRH2PUMJO6OFT4AORFI3XACSRHANCNFSM6AAAAAAWW7DJXU> . You are receiving this because you were assigned.Message ID: ***@***.***>

[calvinmetcalf]

ok all set

[ljharb]

Thanks! I now have a "crypto" team in the browserify npm org with 24 packages on it.